A high-severity vulnerability has been discovered in multiple ETERNUS storage management products. This flaw could allow a remote, unauthenticated attacker to execute arbitrary code on affected systems, potentially leading to a complete system compromise, data theft, or service disruption. Organizations are urged to apply the vendor-provided security updates immediately to mitigate this critical risk.

This vulnerability is a remote code execution (RCE) flaw within the ETERNUS SF management interface. An unauthenticated attacker can send a specially crafted HTTP request to a specific, exposed API endpoint. Due to improper input validation, this request can trigger a buffer overflow, allowing the attacker to execute arbitrary commands on the underlying operating system with the privileges of the management service account.

This vulnerability is rated as High severity with a CVSS score of 8.8. Successful exploitation could lead to a complete compromise of the storage management infrastructure, granting an attacker control over critical storage resources. Potential consequences include unauthorized access to sensitive corporate data, data modification or exfiltration, deployment of ransomware, and significant operational disruption. The business risks include severe financial loss from downtime or data recovery, reputational damage, and potential regulatory fines for data breaches.

Immediate Action:

• Apply the security updates provided by the vendor across all affected ETERNUS SF installations immediately, prioritizing internet-facing or otherwise exposed systems.
• After patching, review system and application logs for any signs of compromise or indicators of exploitation attempts that may have occurred prior to the update.
• Confirm that the patch has been successfully applied and the system is no longer vulnerable.

Proactive Monitoring:

• Monitor web server and application logs for unusual or malformed requests to the ETERNUS SF management interface, particularly those targeting the affected API endpoint.
• Look for suspicious outbound network connections originating from the ETERNUS management servers.
• Monitor for unexpected processes or services running on the underlying operating system, especially those spawned by the ETERNUS SF service account.

Compensating Controls:

• If patching cannot be performed immediately, restrict network access to the ETERNUS SF management interface to a dedicated, trusted administrative network or specific IP addresses using a firewall.
• Deploy an Intrusion Prevention System (IPS) with rulesets designed to detect and block common web application attacks and buffer overflow attempts.
• Ensure application-level logging is enabled and logs are sent to a centralized SIEM for correlation and alerting.

Public Exploit Available: false

Given the high CVSS score of 8.8 and the potential for complete system compromise, this vulnerability presents a critical risk to the organization. All system owners must treat the remediation of CVE-2025-62577 as their highest priority. Although this vulnerability is not currently on the CISA KEV list, its severity makes it a likely candidate for future inclusion. Immediate patching is the most effective course of action; where patching is delayed, compensating controls must be implemented without exception to reduce the attack surface.